
Important New Android Ransomware Locks Device Completely

Discussion in 'Security Updates' started by snoopy, Jul 17, 2014.

    New Android Ransomware Locks Device Completely
    Malicious activity resists reboot, kills other processes every ten milliseconds
    Warning message purporting to be from the FBI

    Android users are a constant target for cybercrooks, who have released a new scareware with ransomware capabilities that locks the mobile phone completely.

    The fresh piece poses as a legitimate app that can be downloaded from third-party Android software repositories, and asks for administrator privileges.

    Once the elevated permissions are obtained, it automatically blocks the phone with a ransom message purporting to be from the FBI. Access to data or any function of the device is restricted, making it inoperable.

    Researchers at Lookout security firm say that navigating to a different app is not possible because the malicious app, which they named ScarePakage, uses a Java TimerTask to kill any processes unrelated to the malware every ten milliseconds.

    Moreover, the cybercriminals integrated a wake lock mechanism designed to instruct Android that the app needs to stay on, which prevents the phone from entering sleep mode.

    The ransom message displayed on the screen purports to be from the FBI and informs that the lock has been enabled due to violation of federal laws of the United States that prohibit visiting online locations that provide pornographic content involving children, animals, as well as child abuse and spamming.

    Lookout says that several hundred dollars are requested via a MoneyPak voucher in order to unlock the device. However, they also report that the app does not actually check if the voucher code works and only validates its correct length.

    This could mean that the victim can provide a random code to unlock the phone, provided that they have the correct length of a MoneyPak voucher. However, this has not been confirmed by Lookout, as they did not immediately reply to our request.

    According to the security researchers, the malicious app masquerades as an Adobe Flash package, and in some cases, as an antivirus solution which even starts a scan of the device. Of course, the verification is fake, and as soon as it completes, the lock is applied to the phone.

    Restarting the device does not disable the ransomware because “a boot receiver class resumes ScarePakage’s takeover of your device immediately, shutting down all other processes that the user interacts with,” says Meghan Kelly on the Lookout blog.

    One precaution that could prevent the device from getting infected with this malicious app is to avoid downloading packages from sources outside the Google Play Store.

    Also, another way is to not give administrator privileges to apps that have not been verified as being delivered by trusted developers. ScarePakage does not need the phone to be rooted in order to render it inoperable; it only needs elevated privileges.

    http://news.softpedia.com/news/New-Android-Ransomware-Locks-Device-Completely-451125.shtml
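
For anyone vetting a sideloaded APK before installing it, the traits described above (administrator request, boot receiver, wake lock, process killing) can be checked together in the app's manifest. The following is an added example, not part of the original post or Lookout's analysis; it assumes the manifest has already been decoded to plain XML, that process killing shows up as the `KILL_BACKGROUND_PROCESSES` permission, and it uses a constructed sample manifest with a hypothetical package name.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NAME = ANDROID_NS + "name"
PERMISSION = ANDROID_NS + "permission"

# Constructed sample: decoded manifest of a hypothetical package, not ScarePakage's own.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashupdate">
  <uses-permission android:name="android.permission.WAKE_LOCK"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.KILL_BACKGROUND_PROCESSES"/>
  <application>
    <receiver android:name=".Admin" android:permission="android.permission.BIND_DEVICE_ADMIN">
      <intent-filter><action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/></intent-filter>
    </receiver>
    <receiver android:name=".Boot">
      <intent-filter><action android:name="android.intent.action.BOOT_COMPLETED"/></intent-filter>
    </receiver>
  </application>
</manifest>"""

def lockscreen_traits(manifest_xml):
    """Return which of the behaviours described in the article the manifest declares."""
    root = ET.fromstring(manifest_xml)
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    traits = set()
    if "android.permission.WAKE_LOCK" in perms:
        traits.add("wake_lock")
    if "android.permission.KILL_BACKGROUND_PROCESSES" in perms:
        traits.add("kills_processes")  # assumption: how process killing is declared
    for recv in root.iter("receiver"):
        actions = {a.get(NAME) for a in recv.iter("action")}
        if (recv.get(PERMISSION) == "android.permission.BIND_DEVICE_ADMIN"
                and "android.app.action.DEVICE_ADMIN_ENABLED" in actions):
            traits.add("device_admin")
        if "android.intent.action.BOOT_COMPLETED" in actions:
            traits.add("boot_receiver")
    return traits

def is_suspicious(manifest_xml):
    """Flag only the combination: admin request, boot persistence and a keep-alive trait."""
    t = lockscreen_traits(manifest_xml)
    return {"device_admin", "boot_receiver"} <= t and bool(t & {"wake_lock", "kills_processes"})

if __name__ == "__main__":
    print(sorted(lockscreen_traits(SAMPLE_MANIFEST)), is_suspicious(SAMPLE_MANIFEST))
```

Each trait on its own is common in legitimate apps, which is why the check only flags the combination; a hit is a reason to look closer, not a verdict.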
     
